<?php
include_once 'etc/config.php';
include_once 'Database.php';
#################### Error message function. ##################
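# Abort the request with an HTML error page. When $query is supplied, the
# failing SQL statement and the driver's last error are appended. That is
# handy while debugging but discloses table names and query shape to the
# client; in production the detail belongs in error_log() instead.
# NOTE(review): mysql_errno()/mysql_error() are the legacy ext/mysql API
# (removed in PHP 7); presumably Database.php still relies on it.
function punt($message, $query = '')
{
    $lastPart = '';
    # A non-empty $query means the failure came from a MySQL interaction.
    if ((string) $query !== '') {
        # The query text embeds request data (cookie values elsewhere in this
        # file), so it must be escaped before being written into HTML.
        $lastPart = '<br>MySQL query string:<br> '
            . htmlspecialchars((string) $query, ENT_QUOTES, 'UTF-8')
            . '<br>MySQL error number: ' . mysql_errno()
            . '<br>MySQL error description: '
            . htmlspecialchars((string) mysql_error(), ENT_QUOTES, 'UTF-8');
    }
    # $message is emitted as-is, as before: callers may deliberately pass markup.
    die("<br><br><b>Error: $message</b>" . $lastPart);
}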
###################################################################
######################### URL Functions ###########################
# getURL builds the absolute URL of the desired page. The default URL is the base URL.
# Build the absolute URL for $path, with $args (e.g. a query string) appended
# verbatim. With no arguments the result is the site's base URL, assembled
# from the $Proto, $Host and $Base globals (presumably set by etc/config.php,
# which is included at the top of this file).
function getURL($path = '', $args = '')
{
    global $Proto, $Base, $Host;
    $segments = [$Proto, $Host, $Base, $path, $args];
    return implode('', $segments);
}
# redirect returns a PHP redirect construct. The default URL is the base
# URL.
# Return a "Location: ..." header string for $path/$args, suitable for
# passing to header(). Defaults to the base URL, like getURL().
function redirect($path = '', $args = '')
{
    $target = getURL($path, $args);
    return sprintf('Location: %s', $target);
}
# Analogous functions for the current page (syntactic sugar).
# Absolute URL of the currently executing script, with $args appended
# verbatim. Uses $_SERVER['PHP_SELF'] rather than the configured $Base.
# NOTE(review): PHP_SELF can include client-supplied PATH_INFO, so treat the
# result as untrusted if it is ever echoed into HTML.
function myURL($args = '')
{
    global $Proto, $Host;
    $self = $_SERVER['PHP_SELF'];
    return "{$Proto}{$Host}{$self}{$args}";
}
# "Location: ..." header string that reloads the current page with $args.
function refresh($args = '')
{
    $target = myURL($args);
    return sprintf('Location: %s', $target);
}
###################################################################
##################### Security Functions ##########################
# Function to get a random string with a specified length
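# Return a random hexadecimal string of exactly $length characters (empty
# string for $length <= 0). Uses random_bytes() (PHP 7+, CSPRNG). The
# previous implementation took substr(md5(mt_rand()), 0, $length - 1): the
# seed was predictable, the result was capped at 32 characters, and it was
# one character shorter than requested.
function randomString($length = 127)
{
    $length = (int) $length;
    if ($length <= 0) {
        return '';
    }
    # Two hex characters per byte; round up so odd lengths are covered.
    $hex = bin2hex(random_bytes((int) ceil($length / 2)));
    return substr($hex, 0, $length);
}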
#Hash algorithm (probably changing our hashing type soon.)
# Hex MD5 digest of $string. Kept as MD5 because isLoggedIn() verifies stored
# credentials with it; it is not suitable for passwords (see password_hash()).
function hashString($string)
{
    return hash('md5', $string);
}
####################################################################
#################### Authorization Functions #######################
# Function checks whether the person's credentials (the pid and creds cookies) are valid.
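# Check whether the request carries valid login credentials: a 'pid' cookie
# naming a person row (UI_PERSON for 'ad'-prefixed ids, NON_UI_PERSON
# otherwise) and a 'creds' cookie equal to hashString(ID . NONCE) for that
# row. Returns true or false and never throws on malformed cookies.
function isLoggedIn()
{
    # Both cookies must be present and must be plain strings -- PHP turns
    # "pid[]=x" into an array, which would otherwise reach the SQL below.
    if (!isset($_COOKIE['pid'], $_COOKIE['creds'])
        || !is_string($_COOKIE['pid'])
        || !is_string($_COOKIE['creds'])
        || $_COOKIE['creds'] === '') {
        return false;
    }
    $pid = $_COOKIE['pid'];
    # The id is interpolated into a quoted SQL literal; refuse any value that
    # could terminate the quote. The proper fix is a bound parameter, which
    # depends on what queryDB() in Database.php supports.
    if ($pid === '' || preg_match('/[\'"\\\\\x00-\x1f]/', $pid) === 1) {
        return false;
    }
    if (isAdminId($pid)) {
        $sql = "select * from UI_PERSON where ID = '" . substr($pid, 2) . "'";
    } else {
        $sql = "select * from NON_UI_PERSON where ID = '" . $pid . "'";
    }
    $row = nextRow(queryDB($sql));
    if (!$row) {
        return false;
    }
    # Type-strict, constant-time comparison. The previous '==' let a cookie
    # such as "0e..." match any digest PHP parses as numeric zero.
    $expected = hashString($row['ID'] . $row['NONCE']);
    return hash_equals($expected, $_COOKIE['creds']);
}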
# Return the user name of the logged-in person (EMAIL for regular users,
# HAWK_ID for UI users), or null if nobody is logged in.
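# Return the user name of the logged-in person: EMAIL from NON_UI_PERSON for
# regular users, HAWK_ID from UI_PERSON for 'ad'-prefixed (UI) ids. Returns
# null when nobody is logged in or the row is missing.
function getPersonUserName()
{
    if (!isLoggedIn()) {
        return null;
    }
    $pid = $_COOKIE['pid'];
    # Derive the database key the same way getPersonId() does, instead of
    # calling it and re-running the isLoggedIn() credential query.
    if (isAdminId($pid)) {
        $table = 'UI_PERSON';
        $column = 'HAWK_ID';
        $id = substr($pid, 2);
    } else {
        $table = 'NON_UI_PERSON';
        $column = 'EMAIL';
        $id = $pid;
    }
    # $id comes from a cookie and is still interpolated into SQL; this should
    # become a bound parameter once queryDB() supports them.
    $results = queryDB("select * from $table where ID = '" . $id . "'");
    $row = nextRow($results);
    return $row ? $row[$column] : null;
}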
# Function to first validate a user then return their id if validated otherwise null
# Validate the session first, then return the person's database id, or null
# if nobody is logged in. For 'ad'-prefixed ids the prefix is stripped.
function getPersonId()
{
    if (!isLoggedIn()) {
        return null;
    }
    $pid = $_COOKIE['pid'];
    # The 'ad' prefix marks a UI user and is not part of the stored key.
    return isAdminId($pid) ? substr($pid, 2) : $pid;
}
# Function to check permissions. Takes an argument that is required for a given page and returns true if the person
# has the given permission.
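# Return true when the logged-in person has $permissionRequired, i.e. a row
# exists in NON_UI_PERSON_LOOKUP (regular users) or UI_PERSON_LOOKUP (UI
# users) for their id and that permission; false otherwise, including when
# nobody is logged in.
function hasPermission($permissionRequired)
{
    if (!isLoggedIn()) {
        return false;
    }
    $pid = $_COOKIE['pid'];
    # Derive the key inline rather than via getPersonId(), which would run
    # the isLoggedIn() credential query a second time.
    if (isAdminId($pid)) {
        $table = 'UI_PERSON_LOOKUP';
        $idColumn = 'UI_PERSON_ID';
        $id = substr($pid, 2);
    } else {
        $table = 'NON_UI_PERSON_LOOKUP';
        $idColumn = 'NON_UI_PERSON_ID';
        $id = $pid;
    }
    # Both values end up inside quoted SQL literals; refuse anything that
    # could close the quote until queryDB() supports bound parameters.
    if (preg_match('/[\'"\\\\\x00-\x1f]/', $id . $permissionRequired) === 1) {
        return false;
    }
    $sql = "select * from $table where $idColumn = '$id' and "
        . "PERMISSIONS_PERMISSION = '$permissionRequired'";
    $results = queryDB($sql);
    # A matching row means the permission is granted.
    return (bool) nextRow($results);
}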
# Function to check whether the user has an admin id or a normal one.
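# True when $id is an admin (UI) id: a string longer than two characters that
# starts with 'ad'. Anything else -- including non-strings -- is false.
function isAdminId($id)
{
    # Cookie values can arrive as arrays ("pid[]=..."), which would make
    # strlen() throw a TypeError; a non-string is never an admin id.
    if (!is_string($id)) {
        return false;
    }
    # An id of exactly 'ad' is not an admin id (presumably deliberate: the
    # part after the prefix is used as the database key and would be empty).
    return strlen($id) > 2 && strncmp($id, 'ad', 2) === 0;
}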
?>